SIEM / Logs

redborder, as an information-gathering solution, has specific functions for receiving and processing the logs produced by computer systems, fundamentally in the security and networking equipment sphere.

Like the other components, it builds on the general characteristics of the redborder platform.

Platform

Capabilities

Although the log collection component shares characteristics with the others, fundamental elements of its design and use stem from the need for regulatory compliance. It therefore also has the following capabilities:

Timestamping

Every log that arrives in the system is stamped with the exact time of its receipt. The stamp comes from the internal system clock, which can be synchronised with an NTP time service; alternatively, a high-precision time signal from GPS hardware can be incorporated.

Hashing

To protect the stored logs against alteration or modification, every entry is signed using a lightweight algorithm with the server's own digital certificate. Optionally, blocks of logs can be signed with a more robust scheme, and the block signatures can even be sent to an external custody service (at additional cost).
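The two mechanisms above, receipt timestamping and per-entry plus per-block signing, illustrated as an added example that is not redborder's own code. It assumes a keyed HMAC as a stand-in for the certificate-based signature and uses constructed sample syslog lines; the point is that an edited, deleted or reordered entry fails verification.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone
from typing import Optional

# Constructed stand-in for the collector's signing credential. The page describes
# signing with the server's own digital certificate; a keyed HMAC is used here so
# the example runs with the standard library only.
SERVER_KEY = b"constructed-demo-key-not-for-production"

# Constructed sample syslog lines, as a collector might receive them.
SAMPLE_LINES = [
    "<38>Jan 10 10:00:01 fw1 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.1",
    "<86>Jan 10 10:00:02 vpn1 sshd[4122]: Accepted publickey for ops from 192.0.2.50",
    "<38>Jan 10 10:00:03 fw1 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.1",
]

def _canonical(entry: dict) -> bytes:
    """Deterministic encoding of everything except the signature field."""
    body = {k: v for k, v in entry.items() if k != "sig"}
    return json.dumps(body, sort_keys=True).encode()

def ingest(raw: str, received_at: Optional[str] = None) -> dict:
    """Stamp a received line with the collector's receipt time and sign the entry."""
    received_at = received_at or datetime.now(timezone.utc).isoformat()
    entry = {"received_at": received_at, "raw": raw}
    entry["sig"] = hmac.new(SERVER_KEY, _canonical(entry), hashlib.sha256).hexdigest()
    return entry

def verify_entry(entry: dict) -> bool:
    """Recompute the per-entry signature and compare in constant time."""
    expected = hmac.new(SERVER_KEY, _canonical(entry), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, entry.get("sig", ""))

def sign_block(entries: list) -> str:
    """Signature over the ordered per-entry signatures; this is the value that
    would be handed to an external custody service."""
    chain = hashlib.sha256()
    for e in entries:
        chain.update(bytes.fromhex(e["sig"]))
    return hmac.new(SERVER_KEY, chain.digest(), hashlib.sha256).hexdigest()

def verify_block(entries: list, block_sig: str) -> bool:
    """Every entry must verify and the block signature must match in that order,
    so edits, deletions and reordering are all detected."""
    return all(verify_entry(e) for e in entries) and hmac.compare_digest(
        sign_block(entries), block_sig)
```

Keeping the block signature with a party other than the log operator is what makes the scheme useful: the operator cannot silently rewrite history without the externally held value no longer matching.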

Complete data

redborder relies heavily on an OLAP database to store the data it displays. That database, however, holds only the key fields, aggregated over time. Unlike the data of the other components, logs are therefore stored twice: a reduced version in the OLAP database and the original, complete version in a distributed file system.